Microsoft Says Recovery from Malware Becoming Impossible
Jon maddog Hall
maddog at li.org
Wed Apr 19 16:12:01 EDT 2006
dragonhawk at gmail.com said:
> What Microsoft is saying -- you need to reinstall from trusted media after
> a root compromise -- has been Standard Operating Procedure in the security
> community for decades, on all platforms, nix and doze included.

True, but the ease of getting to such a compromised situation might be a
differentiator.

About a year ago there was a report done by a series of security experts warning
about the issues of creating "one generic brand of operating system, on one
generic brand of instruction set" and watching as the worms and viruses attacked
it full bore like a virus in a field of generically identical corn. Their
conclusion was that it was better to have a mix of OS and
architectures, even if the standards of interface were the same.

One of the authors of this report was mysteriously fired by his company, who
valued the business of Microsoft.

So if I had 2000 systems made up of 1000 Intel machines and 1000
PowerPCs, running Linux and (perhaps) BSD, I might find that given a huge
compromise of any one architecture/OS combination I might be able to do work
on the other 3/4 of my machines.

Or by using a different strategy, such as LTSP, you may have to "re-install"
a heck of a lot fewer machines.

And finally, there is the issue of how fast can you get the patch, and whether
it exists for all your operating systems, even the ones "retired".

Just some thoughts.

md
--
Jon "maddog" Hall
Executive Director Linux International(R)
email: maddog at li.org 80 Amherst St.
Voice: +1.603.672.4557 Amherst, N.H. 03031-3032 U.S.A.
WWW: http://www.li.org
Board Member: Uniforum Association, USENIX Association
(R)Linux is a registered trademark of Linus Torvalds in several countries.
(R)Linux International is a registered trademark in the USA used pursuant
to a license from Linux Mark Institute, authorized licensor of Linus
Torvalds, owner of the Linux trademark on a worldwide basis
(R)UNIX is a registered trademark of The Open Group in the USA and other
countries.